Using Web Proxies Module: ZAP replacer trouble - User-Agent

Hi. First time poster here, so apologies if this is not in the correct category.

I am currently working through the ‘Bug Bounty Hunter’ path. I am on the ‘Using web proxies’ module, specifically, the ‘Automatic Modification’ section within the module.

This section shows you how to automatically modify your user agent using Burp Suite and ZAP. I am attempting to use ZAP as I already have some familiarity with Burp Suite and ZAP seems to be a good choice going forward as it is open source and has several of the paid features that Burp Suite offers.

I’m not stuck on a particular question, I am simply trying to follow along with the module, but I cannot seem to get the user agent to change.

I feel like I am following the steps but there must be something I am missing or doing wrong. If anybody has any advice it would be much appreciated.

Below is a screenshot of my replacement rule within ZAP Replacer. I would have provided more screenshots but as I am a new forum member, I can only embed one.

My Replacement Rule

The steps I have taken are below:

  • Opened Zap, started a new session, and opened Replacer options.
  • Add new rule using the options in the screenshot above, click save, and Ok.
  • Open the integrated browser in ZAP and turn on the break requests option.
  • Navigate to the IP provided by HTB for the ‘Ping your IP’ webpage.
  • Go back to ZAP and view the captured ‘Break’ in the top right viewer (or stay on the web page and look at it in the ZAP HUD, both result in no change to user agent).
  • Hit ‘Submit and continue to next Breakpoint’ button a few times to make sure I was looking at the correct response, the user agent still remained the same.

If you need any additional information, please just ask, I don’t want to make this post super long by including every step I have tried to rectify the issue, but here are a few things I have tried;

  • Restarted ZAP
  • Tried changing ‘request header’ to ‘request header (string)’ & used ‘^User-Agent.*$’ instead of the drop down option
  • Tried with ‘Match regex’ box checked and unchecked
  • Disabled and enabled the rule
  • Removed rule & recreated
  • Attempted to navigate to several different websites as well as the ‘Ping your IP’ webpage provided by HTB
  • apt update & apt upgrade
  • Restarted laptop

I am hoping this is something simple that I have overlooked but I am struggling to find it, could be a case of not being able to see the forest for the trees but who knows!? Hopefully one of you guys!

Also, I forgot to mention that during my troubleshooting steps, I restarted the application after every change to make sure it was a fresh session and was not retaining any of the changed settings. Thanks in advance for any help.

Have you tried reloading the page with cache reset CTRL+SHIFT+R ?

Not sure if it’s a cache issue

Hi, sorry for the delayed reply and thank you for responding. I think I tried that earlier but I wasn’t sure, so I have just tested again. Still the same result unfortunately.

The next step in the module is to create another replace rule for the response body, changing the ‘type=number’ string, to ‘type=text’, and then it asks you to do the same for ‘maxlength=3’ to ‘maxlength=100’.

I set up the rules for both of them and they work absolutely fine, so I don’t know if this helps, but now I’m even more confused…

personally my first experiences with Zap have been absolutely awful. including the Replacer nothing has ever worked for me. catching responses is a hit and miss too. opening browsers, etc. seems it gets a lot of praise so i’m probably doing something wrong on my side but Burp works a first try. Zap not even after the thousandth one.

I know this was a while ago but I was having the same issues focusing on stepping through the request in the HUD I never got the user agent to change. Got frustrated and just hit continue and went back and checked ZAP instance and there it was:

1 Like

So, I guess the replacer do changed the header. But zap captured the request header and showed it before the change, thus we can’t see it changed.

In situations where you need to handle user-agent issues with web proxies, using the right kind of proxies can make a big difference. For instance, sticky datacenter proxies can be really effective for maintaining a consistent identity while dealing with web applications that require a steady user-agent. If you’re running into trouble with your current setup, you might want to look into sticky datacenter proxies. They help keep your requests consistent without frequent IP changes, which could help resolve some of the issues you’re encountering. For more details on how sticky proxies can help, you can check out this resource - https://proxyrotator.com/sticky-proxies/sticky-datacenter-proxies/. It might offer some solutions or alternatives that fit your needs.